From ec168eedbcc842126c5effac328f0cdc207970f8 Mon Sep 17 00:00:00 2001 From: Kris Baranek Date: Sat, 22 Jul 2023 00:40:24 +0200 Subject: [PATCH] [Modules] Fixed EventHub role assignment naming issues (#3443) * Updated Role Assignment Name/Guid * Added second role assignment to reproduce the issue * Updated readme and ARM templates --- .../namespaces/.test/common/main.test.bicep | 9 +++++++++ modules/event-hub/namespaces/README.md | 20 ++++++++++++++++++- .../.bicep/nested_roleAssignments.bicep | 2 +- .../event-hub/namespaces/eventhubs/main.json | 6 +++--- modules/event-hub/namespaces/main.json | 8 ++++---- 5 files changed, 36 insertions(+), 9 deletions(-) diff --git a/modules/event-hub/namespaces/.test/common/main.test.bicep b/modules/event-hub/namespaces/.test/common/main.test.bicep index 843723b5b1..9c7069c23f 100644 --- a/modules/event-hub/namespaces/.test/common/main.test.bicep +++ b/modules/event-hub/namespaces/.test/common/main.test.bicep @@ -91,6 +91,15 @@ module testDeployment '../../main.bicep' = { eventhubs: [ { name: '${namePrefix}-az-evh-x-001' + roleAssignments: [ + { + roleDefinitionIdOrName: 'Reader' + principalIds: [ + nestedDependencies.outputs.managedIdentityPrincipalId + ] + principalType: 'ServicePrincipal' + } + ] } { name: '${namePrefix}-az-evh-x-002' diff --git a/modules/event-hub/namespaces/README.md b/modules/event-hub/namespaces/README.md index eb0748c676..6c86a2c452 100644 --- a/modules/event-hub/namespaces/README.md +++ b/modules/event-hub/namespaces/README.md @@ -378,6 +378,15 @@ module namespaces './event-hub/namespaces/main.bicep' = { eventhubs: [ { name: 'az-evh-x-001' + roleAssignments: [ + { + principalIds: [ + '' + ] + principalType: 'ServicePrincipal' + roleDefinitionIdOrName: 'Reader' + } + ] } { authorizationRules: [ 
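Review bot: The `roleAssignments` entry added to `${namePrefix}-az-evh-x-001` in `main.test.bicep` has no comment saying it is a regression case for the naming fix, so a later cleanup could drop it as a redundant fixture. A one-line comment above the array would prevent that, for example `// Regression case for #3443: role assignment names must stay unique per event hub`. The case presumably only exercises the collision if another event hub in the same deployment assigns the same principal and role. The `-002` entry continues outside the hunk, so that should be confirmed there.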
@@ -541,7 +550,16 @@ module namespaces './event-hub/namespaces/main.bicep' = { "eventhubs": { "value": [ { - "name": "az-evh-x-001" + "name": "az-evh-x-001", + "roleAssignments": [ + { + "principalIds": [ + "" + ], + "principalType": "ServicePrincipal", + "roleDefinitionIdOrName": "Reader" + } + ] }, { "authorizationRules": [ diff --git a/modules/event-hub/namespaces/eventhubs/.bicep/nested_roleAssignments.bicep b/modules/event-hub/namespaces/eventhubs/.bicep/nested_roleAssignments.bicep index 46e492817f..cc3c235e25 100644 --- a/modules/event-hub/namespaces/eventhubs/.bicep/nested_roleAssignments.bicep +++ b/modules/event-hub/namespaces/eventhubs/.bicep/nested_roleAssignments.bicep @@ -59,7 +59,7 @@ resource eventHub 'Microsoft.EventHub/namespaces/eventhubs@2022-01-01-preview' e } resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { - name: guid(split(resourceId, '/')[0], split(resourceId, '/')[1], principalId, roleDefinitionIdOrName) + name: guid(eventHub.id, principalId, roleDefinitionIdOrName) properties: { description: description roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/modules/event-hub/namespaces/eventhubs/main.json b/modules/event-hub/namespaces/eventhubs/main.json index e72812582b..0daf7bbfeb 100644 --- a/modules/event-hub/namespaces/eventhubs/main.json +++ b/modules/event-hub/namespaces/eventhubs/main.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.18.4.5664", - "templateHash": "10222556087726415534" + "templateHash": "3626705120581865104" } }, "parameters": { @@ -535,7 +535,7 @@ "_generator": { "name": "bicep", "version": "0.18.4.5664", - "templateHash": "15621031357191909045" + "templateHash": "17884890758704755863" } }, "parameters": { 
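Review bot: In `nested_roleAssignments.bicep`, the new seed `guid(eventHub.id, principalId, roleDefinitionIdOrName)` hashes the caller's raw input instead of the resolved role definition ID, so `'Reader'` and the full ID of the same role give two different names for one logical assignment. Azure is expected to reject the second deployment with a conflict, because an assignment with the same principal, role and scope already exists. Seeding with the resolved value keeps the name stable: `name: guid(eventHub.id, principalId, contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName)`. The seed also changes for every assignment created by the old template, so redeploying over an existing environment probably needs the old assignments removed first, which is worth a changelog note. The `roleAssignment` resource body continues outside the hunk.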
@@ -635,7 +635,7 @@ "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "scope": "[format('Microsoft.EventHub/namespaces/{0}/eventhubs/{1}', split(format('{0}/{1}', split(parameters('resourceId'), '/')[8], split(parameters('resourceId'), '/')[10]), '/')[0], split(format('{0}/{1}', split(parameters('resourceId'), '/')[8], split(parameters('resourceId'), '/')[10]), '/')[1])]", - "name": "[guid(split(parameters('resourceId'), '/')[0], split(parameters('resourceId'), '/')[1], parameters('principalIds')[copyIndex()], parameters('roleDefinitionIdOrName'))]", + "name": "[guid(resourceId('Microsoft.EventHub/namespaces/eventhubs', split(format('{0}/{1}', split(parameters('resourceId'), '/')[8], split(parameters('resourceId'), '/')[10]), '/')[0], split(format('{0}/{1}', split(parameters('resourceId'), '/')[8], split(parameters('resourceId'), '/')[10]), '/')[1]), parameters('principalIds')[copyIndex()], parameters('roleDefinitionIdOrName'))]", "properties": { "description": "[parameters('description')]", "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), parameters('roleDefinitionIdOrName')), variables('builtInRoleNames')[parameters('roleDefinitionIdOrName')], parameters('roleDefinitionIdOrName'))]", diff --git a/modules/event-hub/namespaces/main.json b/modules/event-hub/namespaces/main.json index 884ef03d60..652c58e4af 100644 --- a/modules/event-hub/namespaces/main.json +++ b/modules/event-hub/namespaces/main.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.18.4.5664", - "templateHash": "12863324937037450144" + "templateHash": "234993039195821021" } }, "parameters": { @@ -695,7 +695,7 @@ "_generator": { "name": "bicep", "version": "0.18.4.5664", - "templateHash": "10222556087726415534" + "templateHash": "3626705120581865104" } }, "parameters": { 
@@ -1225,7 +1225,7 @@ "_generator": { "name": "bicep", "version": "0.18.4.5664", - "templateHash": "15621031357191909045" + "templateHash": "17884890758704755863" } }, "parameters": { @@ -1325,7 +1325,7 @@ "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "scope": "[format('Microsoft.EventHub/namespaces/{0}/eventhubs/{1}', split(format('{0}/{1}', split(parameters('resourceId'), '/')[8], split(parameters('resourceId'), '/')[10]), '/')[0], split(format('{0}/{1}', split(parameters('resourceId'), '/')[8], split(parameters('resourceId'), '/')[10]), '/')[1])]", - "name": "[guid(split(parameters('resourceId'), '/')[0], split(parameters('resourceId'), '/')[1], parameters('principalIds')[copyIndex()], parameters('roleDefinitionIdOrName'))]", + "name": "[guid(resourceId('Microsoft.EventHub/namespaces/eventhubs', split(format('{0}/{1}', split(parameters('resourceId'), '/')[8], split(parameters('resourceId'), '/')[10]), '/')[0], split(format('{0}/{1}', split(parameters('resourceId'), '/')[8], split(parameters('resourceId'), '/')[10]), '/')[1]), parameters('principalIds')[copyIndex()], parameters('roleDefinitionIdOrName'))]", "properties": { "description": "[parameters('description')]", "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), parameters('roleDefinitionIdOrName')), variables('builtInRoleNames')[parameters('roleDefinitionIdOrName')], parameters('roleDefinitionIdOrName'))]",